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IN THE CLAIMS 

What is claimed is: 

1 . (Currently Amended) A method for transmitting data according to a 
signature-based protocol comprising: 

generating, at a server, a signature corresponding to a signature block, 
the signature block having a covered data portion and an information object 
portion, the signature computed only on data in the covered data portion, the 
server conversant in a predetermined protocol and the signature and signature 
block being conformant with the predetermined protocol; 

storing, at the server, the signature in the signature block, the signature 
covering the covered data portion and the information object portion remaining 
independent of the signature; 

transmitting to a remote client also conversant in the predetermined 
protocol, the signature block, the remote client being a nonsigning client unable 
to generate the signature in the signature block, the signature block further 
operable to store, in the information object portion, payload data in a 
nondestructive manner, the nondestructive manner operable to preserve the 
covered data portion and corresponding signature without regenerating the 
signature such that the payload data is not included in computing the signature , 
the covered data portion remaining unwritten by the nonsigning client; 

storing in the information object portion further comprising storing the 
payload data in the information object portion at the remote client, the remote 
client being unencumbered by signature generation operability, the signature 
block receivable by a recipient destination having capability to authenticate the 
signature, the recipient destination further conversant in the predetermined 
protocol. 

2. (Original) The method of claim 1 wherein the signature block further 
includes a signature value portion, the signature value portion operable to store 



U.S. Application No.: 10/664,613 Attorney Docket No.: SUN03-06(P9621) 

-3- 

the signature as an authentication indicator according to the predetermined 
protocol, wherein storing further comprises storing the signature in the signature 
value portion. 

3. (Original) The method of claim 1 wherein the signature block further 
includes a key information portion, further comprising storing an authentication 
indicator to a validation instrument in the key information portion, the validation 
instrument operable to authenticate the signature value portion using the 
signature. 

4. (Original) The method of claim 3 wherein the validation instrument 
corresponds to an inverse operation of the generating of the signature. 

5. (Canceled) 

6. (Original) The method of claim 1 wherein storing the payload data further 
comprises generating a transmission block conformant with the predetermined 
protocol and operable to be received as a signature authenticated transmission 
by a destination node according to the predetermined protocol. 

7. (Original) The method of claim 1 wherein generating the signature further 
comprises generating a signature corresponding to the covered data portion of 
the signature block. 

8. (Original) The method of claim 1 further comprising computing a digest on 
the covered data portion, the digest substantially indicative of the data in the 
covered data portion. 
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9. (Original) The method of claim 3 wherein the validation instrument is a 
public key and generating the signature further comprises generating a signature 
using the private key corresponding to the public key. 

10. (Currently Amended) A method for transmitting data from a nonsigning 
client according to a signature-based protocol, comprising: 

receiving a signature block and a signature corresponding to the signature 
block, the signature block having a covered data portion corresponding to the 
signature, and an information object portion, the signature computed only on data 
in the covered data portion, the receiving performed by a nonsigning client which 
does not compute the signature and is unencumbered by components operable 
to compute the signature, the receiving client conversant in a predetermined 
protocol and the signature and signature block being conformant with the 
predetermined protocol; 

storing, in the information object portion of the signature block, payload 
data in a nondestructive manner, the nondestructive manner operable to 
preserve the covered data portion and the corresponding signature without 
regenerating the signature such that the payload data is not included in 
computing the signature , the signature covering the covered data portion and the 
information object portion remaining independent of the signature, the covered 
data portion remaining unwritten by the nonsigning client; and 

transmitting, according to the predetermined protocol, the signature block 
to a recipient destination conversant in the predetermined protocol, the 
information object portion included in the signature block according to the 
predetermined protocol, the signature block including the public key 
corresponding to a private. key employed in generating the signature, the 
included public key thus providing a self-authentication message for delivery to 
the recipient destination. 
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1 1 . (Original) The method of claim 10 wherein the signature block further 
includes a signature value portion, the signature value portion operable to store 
the signature as an authentication indicator deterministic of the signature 
according to the predetermined protocol. 

12. (Original) The method of claim 10 wherein the signature block further 
includes a key information portion operable to store an authentication indicator to 
a validation instrument, the validation instrument operable to authenticate the 
signature value portion using the signature. 

13. (Original) The method of claim 10 wherein the receiving is performed by a 
nonsigning client which does not compute the signature and is unencumbered by 
components operable to compute the signature. 

14. (Original) The method of claim 10 wherein receiving the signature further 
comprises indexing a remote signature repository, and the client is further 
operable to store the received signature in the signature block according to the 
predetermined protocol. 

15. (Original) The method of claim 10 further comprising 

receiving an authentication instrument corresponding to the signature, and 
storing the received authentication instrument in the signature block with 
the signed information portion and the signature. 

16. (Original) The method of claim 15 wherein the received authentication 
instrument is a public key corresponding to the private key for generating the 
signature, and storing further comprising forming a self-signed message by 
storing the public key in the key information portion. 
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1 7. (Original) The method of claim 1 3 further comprising: 
receiving, at the nonsigning client, a plurality of signatures and 

corresponding covered data portions; 

selecting a first signature for inclusion in a first signature message for 
transmission to a destination recipient; 

selecting a second signature different than the first signature for inclusion 
in a second signature message for transmission to the same destination 
recipient. 

18. (Original) The method of claim 17 wherein selecting the first and second 
signatures is performed based on signature selection logic, the signature 
selection logic for analyzing the covered data portion and the information object 
portion of the signature message to select an expected signature result at the 
destination recipient. 

19. (Original) The method of claim 18 wherein the signature selection logic is 
operable for analyzing the covered data portion based on at least one of the 
content type, size, creation date, and sparsity of the data. 

20. (Currently Amended) A data communications device for transmitting data 
according to a signature-based protocol comprising: 

a cryptographic engine operable to generate a signature corresponding to 
a signature block, the signature block having a covered data portion and an 
information object portion, the signature computed only on data in the covered 
data portion, the server conversant in a predetermined protocol and the signature 
and signature block being conformant with the predetermined protocol; 

a metalanguage processor conversant in the predetermined protocol and 
operable to store the signature in the signature block, the signature block further 
including a signature value portion, the metalanguage processor further operable 
to store, in the signature value portion, authentication indicators according to the 
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predetermined protocol, wherein storing further comprises storing the signature 
in the signature value portion; and 

an interface in the data communications device operable to transmit, 
according to the predetermined protocol, the signature block to a client 
conversant in the predetermined protocol, the metalanguage processor being 
further operable to generate the signature block having the information object 
portion, the information object portion further operable for storing the payload 
data at the client unencumbered by signature generation operability, the 
signature block further operable to receive and store, in the information object 
portion, payload data in a nondestructive manner, the nondestructive manner 
operable to preserve the covered data portion and corresponding signature 
without regenerating the signature such that the pavload data is not included in 
computing the signature , the signature block being a script having fields defined 
by a predetermined metalanguage syntax, the metalanguage syntax defining the 
position of the covered data portion and corresponding signature, the signature 
block receivable by a recipient device conversant in the predetermined 
metalanguage syntax for decoding the message. 

21. (Canceled) 

22. (Original) The data communications device of claim 20 wherein the 
signature block further includes a key information portion, the cryptographic 
engine further operable to store a validation instrument in the key information 
portion, the validation instrument operable to authenticate the signature. 

23. (Original) The data communications device of claim 22 wherein the 
validation instrument corresponds to an inverse operation of the generating of the 
signature. 



24. (Canceled) 
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25. (Original) The data communications device of claim 20 wherein the 
signature block is adapted for storing the payload data by the client to generate a 
signature message transmission block of data conformant with the 
predetermined protocol and operable to be received as a signature authenticated 
transmission by a destination node according to the predetermined protocol. 

26. (Original) The data communications device of claim 20 wherein the 
cryptographic engine is further operable to generate the signature corresponding 
to the covered data portion of the signature block. 

27. (Original) The data communications device of claim 20 wherein the 
cryptographic engine is further operable to compute a digest on the covered data 
portion, the digest substantially indicative of the data in the covered data portion. 

28. (Original) The data communications device of claim 20 wherein the 
validation instrument is a public key and generating the signature further 
comprises generating a signature using the private key corresponding to the 
public key. 

29. (Currently Amended) A method for transmitting data in a network system 
according to a signature-based protocol comprising: 

identifying, at a server, data adapted for cryptographic 

transmission; 

computing a digest on the identified data, the digest substantially 
indicative of the identified data; 

building, according to a cryptographic scripting language, a 
signature block, the signature block having a signed data portion, a signature 
value portion, a key information portion, and at least one information object 
portion, the signature value portion operable to store the signature as an 



U.S. Application No.: 10/664,613 



Attorney Docket No.: SUN03-06(P9621) 



-9- 

authentication indicator according to the predetermined protocol, further 
comprises storing the signature in the signature value portion; 

storing the identified data in the signed data portion of a signature block; 

retrieving, from a public key infrastructure (PKI) a public and private key 
pair operable for cryptographic operations; 

generating, at a server, a signature value from the private key 
corresponding to the computed digest, the signature substantially unrecreatable 
by data other than the computed digest; 

storing the signature value in the signature value portion of the signature 
block before storing pavload data to the information object portion , the signature 
value portion and corresponding signature value persisting as a signature block 
according to the predetermined protocol including the payload data portion, the 
signature value covering the covered data portion and the information object 
portion remaining independent of the signature value , the signature computed 
only on data in the covered data portion ; 

storing the public key corresponding to the private key in the key 
information portion to provide a self-authenticating transmission; and 

transmitting, according to the predetermined protocol, the signature block 
to a client also conversant in the scripting language and operable to store 
payload data in the information object portion independently of the signature 
value portion, storing in the information object portion further comprises storing 
the payload data at a nonsigning client, the client being unencumbered by 
signature generation operability, the covered data portion remaining unwritten by 
the nonsigning client, the signature block being a script having fields defined by a 
predetermined metalanguage syntax, the metalanguage syntax defining the 
position of the covered data portion and corresponding signature, the signature 
block receivable by a recipient device conversant in the predetermined 
metalanguage syntax for decoding the message. 
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30. (Previously Presented) The method of claim 29 wherein the scripting 
language is operabie to incorporate signature components such that the scripting 
language is operable with signing capability when signature components are 
available and operable without signing capability when signature components are 
unavailable, further comprising: 

identifying the signature value portion from a subset of available 
fields in the signature block, the signature value corresponding to the identified 
subset and the remaining available fields independent of the signature value; 

identifying, from the remaining available fields, payload data portions 
operable for subsequent storage of data independent of the signature value and 
the signature value portion. 

31 . (Currently Amended) The method of claim 29 further comprising a system 
for signature use by a nonsigning client, the nonsigning client unencumbered 
from cryptographic operation components, comprising: 

at the client, identifying payload data adapted for storage in the 
information object portions according to the scripting language independent of 
the signature value; and 

storing , after receiving the signature block by the client, the identified 
payload data in the information object portions in a nondestructive manner, the 
nondestructive manner operable to preserve the covered data portion and 
corresponding signature without regenerating the signature such that the payload 
data is not included in computing the signature , the client unencumbered and 
inoperable to encrypt and decrypt the signed data. 

32. (Currently Amended) A computer program product having an encoded set 
of processor based instructions defined as computer program code on a 
computer readable storage medium operable to store computer program logic 
embodied in computer program code encoded thereon for transmitting data from 
a nonsigning client according to a signature-based protocol, comprising: 
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computer program code for receiving a signature block and a signature 
corresponding to the signature block, the signature block having a covered data 
portion corresponding to the signature, and an information object portion, the 
signature computed only on data in the covered data portion, the receiving client 
conversant in a predetermined protocol and the signature and signature block 
being conformant with the predetermined protocol; 

computer program code for storing, in the information object portion of the 
signature block, payload data in a nondestructive manner, the nondestructive 
manner operable to preserve the covered data portion and the corresponding 
signature without regenerating the signature such that the pavload data is not 
included in computing the signature , the covered data portion remaining 
unwritten by the nonsigning client, wherein storing in the information object 
portion further comprises storing the payload data in the information object 
portion at a client, the client being unencumbered by signature generation 
operability; and 

computer program code for transmitting, according to the predetermined 
protocol, the signature block to a recipient destination conversant in the 
predetermined protocol, the information object portion included in the signature 
block according to the predetermined protocol, wherein the signature block 
further includes a signature value portion, the signature value portion operable to 
store the signature as an authentication indicator according to the predetermined 
protocol, wherein storing further comprises storing the signature in the signature 
value portion, the signature covering the covered data portion and the 
information object portion remaining independent of the signature, the signature 
block being a script having fields defined by a predetermined metalanguage 
syntax, the metalanguage syntax defining the position of the covered data portion 
and corresponding signature, the signature block receivable by a recipient device 
conversant in the predetermined metalanguage syntax for decoding the 
message. 
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Claims 33-34. (Canceled) 

35. (Previously Presented) The method of claim 1 further comprising: 
generating, at the server, a set of predetermined signatures operable for 

insertion in a message conformant to the predetermined protocol; 

storing, in a signature repository at the server, a bank of signatures 
including the set of predetermined signatures; and 

transmitting, responsive to a request from the nonsigning client, a 
signature from the bank of signatures for insertion in a signature block in 
conjunction with a payload. 

36. (Currently Amended) A method for transmitting data in conformance with 
a signature-based protocol comprising: 

transmitting, from a nonsigning client, a request for a signature block, the 
signature block operable to store signature based data corresponding to a 
predetermined protocol; 

generating a signature block, the signature block having a covered data 
portion and an information object portion, the covered data portion corresponding 
to a signature and the information object portion for storing payload data 
independent of the signature; 

computing, based on the covered data portion, a signature indicative of 
the covered data portion , the signature computed only on data in the covered 
data portion ; 

storing the computed signature in the signature block before writing to the 
information object portion : 

transmitting the signature block to the nonsigning client, the non-signing 
client conversant in the predetermined protocol but absent an ability to compute 
and authenticate the signature indicative of the covered data portion; 

populating, at the nonsigning client after receiving the signature block , the 
information object portion, the information object portion independent of the 
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signature, populating preserving the covered data portion and the corresponding 
computed signature according to the predetermined protocol such that populating 
is not included in computing the signature , the covered data portion remaining 
unwritten by the nonsigning client; and 

transmitting the signature block to a destination operable to receive and 
authenticate the signature and corresponding covered data portion, the 
destination further operable to receive the payload data in the information object 
portion. 

37. (Previously Presented) The method of claim 36 wherein the 
predetermined protocol is XML and the signatures are conformant to XML 
signatures, such that storing into the information object portion includes writing in 
to payload fields in an XML message, the signature being an XML signature and 
remaining unchanged with respect to the values written in the payload fields. 



